Combine cutting-edge XDR technology, multi-signal threat intelligence and 24/7 Elite Threat Hunters to help you build a world-class security operation.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Cyber risk and advisory programs that identify security gaps and build security strategies to address them.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
XDR with machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Seamless integration and threat investigation across your existing tech stack.
Defend brute force attacks, active intrusions and unauthorized scans.
Guard endpoints by isolating and remediating threats to prevent lateral spread.
Investigation and threat detection across multi-cloud or hybrid environments.
Remediate misconfigurations, vulnerabilities and policy violations.
Investigate and respond to compromised identities and insider threats.
Stop ransomware before it spreads.
Meet regulatory compliance mandates.
Detect and respond to zero-day exploits.
End misconfigurations and policy violations.
Defend third-party and supply chain risk.
Prevent disruption by outsourcing MDR.
Adopt a risk-based security approach.
Meet insurability requirements with MDR.
Protect your most sensitive data.
Build a proven security program.
Operationalize timely, accurate, and actionable cyber threat intelligence.
THE THREATA recently disclosed vulnerability impacting Zimbra mail servers is being actively exploited by attacker(s). On September 27th, Zimbra publicly disclosed CVE-2024-45519, a…
Sep 17, 2024THE THREAT Technical details and Proof-of-Concept (PoC) exploit code for the critical Ivanti Endpoint Manager (EPM) vulnerability CVE-2024-29847 are now publicly available.…
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
Three MDR package tiers are available based on per-user pricing and level of risk tolerance.
The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
On October 16th, 2023, Cisco issued an advisory about an actively exploited vulnerability in the web UI feature of Cisco IOS XE Software when exposed to untrusted networks or the internet.
Designated as CVE-2023-20198, with a maximum severity CVSS score of 10.0, this vulnerability permits remote attackers, without authentication, to establish an account on a compromised system with privilege level 15 access. The attacker can leverage this unauthorized account to seize control of the affected device. Additionally, it is probable that internet-exposed devices are compromised. Based on open-source analysis conducted by eSentire Threat Intelligence, implant strings were detected on just under 50% of exposed systems based on a review of 1000 exposed systems.
Cisco has clarified that there's no available workaround or patch for this flaw, as of October 17th, 2023, making the mitigation suggestion paramount to apply as soon as possible. Cisco strongly recommends that "customers disable the HTTP Server feature on all internet-facing systems. To disable the HTTP Server feature, use the ‘no ip http server’ or ‘no ip http secure-server' command in global configuration mode. If both the HTTP server and HTTPS server are in use, both commands are required to disable the HTTP Server feature."
They've also noted indications of the system potentially being compromised, highlighting the seriousness of active exploitation in the wild. Additionally, eSentire TRU has identified exploitation in the wild dating back to at least October 12. Given the gravity of this exploit and the absence of any immediate patches, organizations must assess their exposure and take protective measures.
Cisco has identified an ongoing active exploitation of a previously undisclosed vulnerability in Cisco IOS XE software's Web User Interface (Web UI) feature (CVE-2023-20198). The vulnerability impacts physical and virtual devices running the Web UI software with the HTTP or HTTPS Server feature activated. The Web UI is bundled with the default image, implying that no extra licenses or setups are required for its activation. Upon successful exploitation, the intruder can fabricate an account with privilege level 15 on the compromised device, thus acquiring absolute control of the device and providing a foothold for further unauthorized activities.
Cisco's advisory to deactivate the HTTP server feature on systems, accessible via the Internet, is not just a best practice but also echoes the advisory guidelines previously provided by the U.S. government, emphasizing the risks associated with publicly accessible management interfaces.
The discovery of this vulnerability emerged from a collaborative effort between Cisco support centers and their security team. This collaboration identified unique indicators from a minuscule fraction of cases among the typically high daily case influx.
When this was published on October 17th, no proof-of-concept code was found to be publicly available for CVE-2023-20198. Given the severity of this vulnerability, adherence to the guidelines in Cisco's PSIRT advisory should be prioritized. Organizations, potentially impacted by this vulnerability, must promptly integrate the mitigation steps and perform retroactive sweeps to verify exploitation was not achieved.
Indicators of Compromise:
205.185.123[.]17 | IP Address |
162.33.177[.]204 | IP Address |
5.149.249[.]74 | IP Address |
154.53.56[.]231 | IP Address |
cisco_tac_admin | Username |
cisco_support | Username |
[1] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
[2] Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability
[3] CVE-2023-20198: Zero-Day Vulnerability in Cisco IOS XE Exploited in the Wild
[4] Shodan Search
[5] https://www.cisa.gov/news-events/news/website-security
[6] https://vulncheck.com/blog/cisco-implants